vanguard-cli
v3.1.21
Published
AI-Powered Supply Chain Firewall for Git
Readme
🛡️ Vanguard: AI Supply Chain Firewall
The Enterprise-Grade Security Layer for Git
Installation • Quick Start • How It Works • Configuration
🚀 Why Vanguard?
Modern software supply chain attacks are sophisticated. Traditional antiviruses miss them. Vanguard acts as a firewall between the internet and your codebase.
- 🧠 Hybrid Intelligence: Combines Google Gemini 2.0's reasoning with a curated Threat Intelligence DB and OSV.dev vulnerability data.
- ⚡ Zero-Latency Caching: Uses SHA-256 hashing to memorize safe files. Re-scanning a project takes milliseconds.
- 🔒 Privacy First: Supports Local Ollama. Your code never leaves your machine if you choose local models.
- 🛡️ Proactive Defense: It doesn't just scan; it intercepts Git commands to prevent bad code from reaching your disk.
- ⚡ Flexible Audit Modes: Choose between a Quick Audit (targeting configuration and entry files) or a Deep Audit (full behavioral analysis of all code files).
🏗️ Architecture
Vanguard operates as a protective layer between your command line and the remote repository, combining local heuristics with global intelligence.
graph TD
User["User Command (clone/pull)"] --> CLI["Vanguard CLI"]
CLI --> Cache{"Cache Check (SHA-256)"}
Cache -- "Hit (Safe)" --> Finish["Verdict: PASS"]
Cache -- "Miss" --> Sync["Sync Intelligence"]
Sync --> DB["GitHub Threat DB"]
Sync --> OSV["OSV.dev API"]
DB --> Analysis["AI Analysis"]
OSV --> Analysis
Analysis -- "Gemini 2.0 / Ollama" --> Verdict{"Verdict"}
Verdict -- "Malicious" --> Block["Verdict: BLOCK"]
Verdict -- "Clean" --> SaveCache["Save to Cache"]
SaveCache --> Finish📦 Installation
Ensure you have Node.js (v18+) installed.
npm install -g vanguard-cli🚀 Quick Start
🛡️ Enable Invisible Protection
Integrate Vanguard with your shell (Bash, Zsh, Fish, PowerShell) to automatically scan every git clone.
vanguard integrate📊 Check Status
Verify if the firewall is active or if you are in a protected session.
vanguard status⚙️ Configuration
Setup your Gemini API key or local Ollama endpoint:
vanguard config📥 Secure Clone
Audit and clone any repository in a single command. Vanguard isolates the repo in a sandbox first.
vanguard clone <repository-url>🔄 Secure Pull
Safely update your local codebase. Vanguard audits the diff before merging.
vanguard pull🤝 Contribution
We welcome contributors! Please see our CONTRIBUTING.md for local setup instructions and the CODE_OF_CONDUCT.md for community guidelines.
🔐 Security
To report a vulnerability or an exploit bypass, please follow the protocol in SECURITY.md.
⚖️ License
MIT © 2026 Behram Bazo
